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WHAT IS CLAIMED IS : 

1 . A system for managing a plurality of data protection rules, comprising: 
a processor; 

a database coupled to the processor, the database operable to receive 
and store the data protection rules and to receive and store a plurality of 
permissions generated by a data owner; 

a memory coupled to the processor; 

an authorization management tool residing in the memory and 
executable by the processor, the authorization management tool operable to: 

accept a query from a data requester, the query related to a 
particular set of data; 

access the database to validate that a permission exists for the 
data requester; 

access the data protection rules in the database to validate that 
the particular set of data may be accessed by the data requester; and 
generate a response to the query. 

2. The system of Claim 1, wherein the authorization management tool is 
further operable to store identifying information about the data requester in the 
database. 

3. The system of Claim 1, wherein the authorization management tool is 
further operable to store a query result in the database, the query result related to 
whether the response was generated. 
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4. The system of Claim 1, further comprising a user acceptance tool 
residing in the memory and executable by the processor, the user acceptance tool 
operable to: 

query a user about a user preference with respect to the data protection 

5 rules; 

accept the user preference; and 

store the user preference in the database. 



5. The system of Claim 4, wherein the authorization management tool is 
10 further operable to access the user preferences in the database to validate that the 

particular set of data may be accessed by the data requester. 



6. The system of Claim 1, further comprising a state change tool residing 
in the memory and executable by the processor, the state change tool operable to: 
1 5 receive a state change of an entity; 

compare the state change to the data protection rules stored in the 
database; 

determine whether the state change complies with the data protection 
rules; and 

20 update the database with the state change. 



7. The system of Claim 6, wherein the entity is a user and the state 
change tool is further operable to: 

query the user about a user preference with respect to the data 
25 protection rules; 

accept the user preference; and 

store the user preference in the database. 



30 



8. The system of Claim 7, wherein the authorization management tool is 
further operable to access the user preferences in the database to validate that the 
particular set of data may be accessed by the data requester. 
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9. The system of Claim 1, wherein the authorization management tool is 
further operable to access one or more corporate policies in the database to validate 
that the particular set of data may be accessed by the data requester. 
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10. A computerized method for managing a plurality of data protection 
rules, comprising: 

receiving and storing the data protection rules in a database; 
receiving and storing a plurality of permissions generated by a data 
5 owner in the database; 

accepting a query from a data requester, the query related to a 
particular set of data; 

accessing the database to validate that a permission exists for the data 
requester; 

1 0 accessing the database to validate that the particular set of data may be 

accessed by the data requester; and 

generating a response to the query. 



11. The computerized method of Claim 10, further comprising storing 
1 5 identifying information about the data requester in the database. 

12. The computerized method of Claim 10, further comprising storing a 
query result in the database, the query result related to whether the response was 
generated. 

20 

13. The computerized method of Claim 10, further comprising: 
querying a user about a user preference with respect to the data 

protection rules; 

accepting the user preference; and 
25 storing the user preference in the database. 

14. The computerized method of Claim 13, further comprising accessing 
the user preferences in the database to validate that the particular set of data may be 
accessed by the data requester. 



30 
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15. The computerized method of Claim 10, further comprising: 
receiving a state change of an entity; 

comparing the state change to the data protection rules stored in the 
database; 

determining whether the state change complies with the data protection 
rules; and 

updating the database with the state change. 

1 6. The computerized method of Claim 1 5, further comprising: 
querying the user about a user preference with respect to the data 

protection rules; 

accepting the user preference; and 
storing the user preference in the database. 

17. The computerized method of Claim 16, further comprising accessing 
the user preferences in the database to validate that the particular set of data may be 
accessed by the data requester. 



18. The computerized method of Claim 10, further comprising accessing 
one or more corporate policies stored in the database to validate that the particular set 
of data may be accessed by the data requester. 
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19. A system for managing a plurality of data protection rules, comprising: 
a processor; 

a database coupled to the processor, the database operable to receive 
and store the data protection rules and a plurality of corporate policies; 
a memory coupled to the processor; 

a user acceptance tool residing in the memory and executable by the 
processor, the user acceptance tool operable to: 

query a user about a user preference with respect to one or 
more data protection rules stored in the database; 

accept the user preference; and 

store the user preference in the database. 



20. The system of Claim 19, wherein the user acceptance tool is further 
operable to: 

query a user about one or more corporate policies; and 
accept an acknowledgement from the user, the acknowledgement 
indicating that the user has agreed to the corporate policies. 

21. The system of Claim 20, wherein the user acceptance tool is further 
operable to send the acknowledgement to a security system database. 
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22. The system of Claim 19, further comprising an authorization 
management tool residing in the memory and executable by the processor, the 
authorization management tool operable to: 

accept a query from a data requester, the query related to a particular 
5 set of data; 

access the database to validate that a permission exists for the data 
requester; 

access the data protection rules, the corporate policies, and the user 
preferences in the database to validate that the particular set of data may be 
1 0 accessed by the data requester; and 

generate a response to the query. 



23. The system of Claim 22, wherein the authorization management tool is 
further operable to store identifying information about the data requester in the 
1 5 database. 



24. The system of Claim 22, wherein the authorization management tool is 
further operable to store a query result in the database, the query result related to 
whether the response was generated. 

20 

25. The system of Claim 19, further comprising a state change tool 
residing in the memory and executable by the processor, the state change tool 
operable to: 

receive a state change of the user; 
25 compare the state change to the data protection rules, the corporate 

policies, and the user preferences stored in the database; 

determine whether the state change complies with the data protection 
rules, the corporate policies, and the user preferences; and 

update the database with the state change. 



30 
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26. The system of Claim 25, wherein the state change tool is further 
operable to: 

query, based on the state change, the user about a new user preference 
with respect to the data protection rules; 

accept the new user preference; and 

update the database with the new user preference. 
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27. A computerized method for managing a plurality of data protection 
rules, comprising: 

receiving and storing the data protection rules and a plurality of 
corporate policies in a database; 

querying a user about a user preference with respect to one or more 
data protection rules stored in the database; 

accepting the user preference; and 

storing the user preference in the database. 

28. The computerized method of Claim 27, further comprising: 
querying a user about one or more corporate policies; and 
accepting an acknowledgement from the user, the acknowledgement 

indicating that the user has agreed to the corporate policies. 

29. The computerized method of Claim 28, further comprising sending the 
acknowledgement to a security computerized method database. 

30. The computerized method of Claim 27, further comprising: 
accepting a query from a data requester, the query related to a 

particular set of data; 

accessing the database to validate that a permission exists for the data 
requester; 

accessing the data protection rules, the corporate policies, and the user 
preferences in the database to validate that the particular set of data may be 
accessed by the data requester; and 

generating a response to the query. 



31. The computerized method of Claim 30, further comprising storing 
identifying information about the data requester in the database. 
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32. The computerized method of Claim 30, further comprising storing a 
query result in the database, the query result related to whether the response was 
generated. 



33. The computerized method of Claim 27, further comprising: 
receiving a state change of the user; 

comparing the state change to the data protection rules, the corporate 
policies, and the user preferences stored in the database; 

determining whether the state change complies with the data protection 
rules, the corporate policies, and the user preferences; and 

updating the database with the state change. 

34. The computerized method of Claim 33, further comprising: 
querying, based on the state change, the user about a new user 

preference with respect to the data protection rules; 
accepting the new user preference; and 
updating the database with the new user preference. 
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35. A system for managing a plurality of data protection rules, comprising: 
a processor; 

a database coupled to the processor, the database operable to receive 
and store a first set of data protection rules; 
a memory coupled to the processor; 

an impact analysis tool residing in the memory and executable by the 
processor, the impact analysis tool operable to: 

receive a second set of data protection rules; 
compare the second set of data protection rules to the first set of 
data protection rules to determine an impact on existing information; 
notify a data owner of the impact; and 

update the database with the second set of data protection rules. 

36. The system of Claim 35, wherein the existing information is one or 
more corporate policies. 

37. The system of Claim 36, wherein the impact analysis tool is further 
operable to receive one or more revised corporate policies, and update the database 
with the corporate policies. 

38. The system of Claim 35, wherein the existing information is one or 
more managed systems. 

39. The system of Claim 38, wherein the impact analysis tool is further 
operable to receive a revised managed system, and update the database with the 
managed system. 

40. The system of Claim 35, wherein the existing information is one or 
more user preferences associated with one or more of the second set of data protection 
rules. 
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41. The system of Claim 40, wherein the impact analysis tool is further 
operable to: 

query a user about the user preferences; 
accept the user preference; and 
5 update the database with the user preferences. 



42. The system of Claim 35, further comprising an authorization 
management tool residing in the memory and executable by the processor, the 
authorization management tool operable to: 
10 accept a query from a data requester, the query related to a particular 

set of data; 

access the database to validate that a permission exists for the data 
requester; 

access the second set of data protection rules in the database to validate 
1 5 that the particular set of data may be accessed by the data requester; and 

generate a response to the query. 



43. The system of Claim 42, wherein the authorization management tool is 
further operable to store identifying information about the data requester in the 
20 database. 



44. The system of Claim 42, wherein the authorization management tool is 
further operable to store a query result in the database, the query result related to 
whether the response was generated. 



25 
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45. The system of Claim 41, further comprising a state change tool 
residing in the memory and executable by the processor, the state change tool 
operable to: 

receive a state change of the user; 

compare the state change to the second set of data protection rules and 
the user preferences stored in the database; 

determine whether the state change complies with the second set of 
data protection rules and the user preferences; and 

update the database with the state change. 
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46. A computerized method for managing a plurality of data protection 
rules, comprising: 

receiving and storing a first set of data protection rules; 
receiving a second set of data protection rules; 

comparing the second set of data protection rules to the first set of data 
protection rules to determine an impact on existing information; 
notifying a data owner of the impact; and 

updating the database with the second set of data protection rules. 

47. The computerized method of Claim 46, wherein the existing 
information is one or more corporate policies. 

48. The computerized method of Claim 47, further comprising receiving 
one or more revised corporate policies and updating the database with the corporate 
policies. 

49. The computerized method of Claim 46, wherein the existing 
information is one or more managed systems. 

50. The computerized method of Claim 49, further comprising receiving a 
revised managed system and updating the database with the managed system. 

51. The computerized method of Claim 46, wherein the existing 
information is one or more user preferences associated with one or more of the second 
set of data protection rules. 

52. The computerized method of Claim 51, further comprising: 
querying a user about the user preferences; 

accepting the user preference; and 

updating the database with the user preferences. 
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53. The computerized method of Claim 46, further comprising: 
accepting a query from a data requester, the query related to a 

particular set of data; 

accessing the database to validate that a permission exists for the data 
5 requester; 

accessing the second set of data protection rules in the database to 
validate that the particular set of data may be accessed by the data requester; 
and 

generating a response to the query. 

10 

54. The computerized method of Claim 53, further comprising storing 
identifying information about the data requester in the database. 



55. The computerized method of Claim 53, further comprising storing a 
15 query result in the database, the query result related to whether the response was 

generated. 



56. The computerized method of Claim 52, further comprising: 

receiving a state change of the user; 
20 comparing the state change to the second set of data protection rules 

and the user preferences stored in the database; 

determining whether the state change complies with the second set of 
data protection rules and the user preferences; and 

updating the database with the state change. 
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57. A system for managing a plurality of data protection rules, comprising: 
a processor; 

a database coupled to the processor, the database operable to receive 
and store the data protection rules and to receive and store one or more states 
of an entity; 

a memory coupled to the processor; 

a state change tool residing in the memory and executable by the 
processor, the state change tool operable to: 

receive a state change of the entity; 

compare the state change to the data protection rules stored in 
the database; 

determine whether the state change complies with the data 
protection rules; and 

update the database with the state change. 

58. The system of Claim 57, wherein the state change tool is further 
operable to notify a data owner of the state change. 

59. The system of Claim 57, further comprising an authorization 
management tool residing in the memory and executable by the processor, the 
authorization management tool operable to: 

accept a query from a data requester, the query related to a particular 
set of data; 

access the database to validate that a permission exists for the data 
requester; 

access the data protection rules in the database to validate that the 
particular set of data may be accessed by the data requester; and 
generate a response to the query. 
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60. The system of Claim 59, wherein the authorization management tool is 
further operable to store identifying information about the data requester in the 
database. 

61 . The system of Claim 59, wherein the authorization management tool is 
further operable to store a query result in the database, the query result related to 
whether the response was generated. 

62. The system of Claim 59, further comprising a user acceptance tool 
residing in the memory and executable by the processor, the user acceptance tool 
operable to: 

query a user about a user preference with respect to the data protection 

rules; 

accept the user preference; and 

store the user preference in the database. 

63. The system of Claim 62, wherein the authorization management tool is 
further operable to access the user preferences in the database to validate that the 
particular set of data may be accessed by the data requester. 
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64. A computerized method for managing a plurality of data protection 
rules, comprising: 

receiving and storing the data protection rules in a database; 
receiving and storing one or more states of an entity in the database; 
5 receiving a state change of the entity; 

comparing the state change to the data protection rules stored in the 
database; 

determining whether the state change complies with the data protection 
rules; and 

1 0 updating the database with the state change. 

65. The computerized method of Claim 64, further comprising notifying a 
data owner of the state change. 

15 66. The computerized method of Claim 64, further comprising: 

accepting a query from a data requester, the query related to a 

particular set of data; 

accessing the database to validate that a permission exists for the data 

requester; 

20 accessing the data protection rules in the database to validate that the 

particular set of data may be accessed by the data requester; and 
generating a response to the query. 

67. The computerized method of Claim 66, further comprising storing 
25 identifying information about the data requester in the database. 

68. The computerized method of Claim 66, further comprising storing a 
query result in the database, the query result related to whether the response was 
generated. 

30 
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69. The computerized method of Claim 66, further comprising: 

querying a user about a user preference with respect to the data 

protection rules; 

accepting the user preference; and 
storing the user preference in the database. 



70. The computerized method of Claim 69, further comprising accessing 
the user preferences in the database to validate that the particular set of data may be 
accessed by the data requester. 
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71 . A system for managing a plurality of data protection rules, comprising: 
a processor; 

a data protection database coupled to the processor, the data protection 
database operable to receive and store a first set of data protection rules; 

a managed system database coupled to the processor, the managed 
system database operable to receive and store managed system information; 

a memory coupled to the processor; 

an audit and compliance tool residing in the memory and executable by 
the processor, the audit and compliance tool operable to: 

extract meta data from the managed system database and store 
the meta data in the data protection database, the meta data associated 
with the managed system information; 

receive a second set of data protection rules; 

compare, by utilizing the meta data, the second set of data 
protection rules to the managed system information to determine if the 
managed system information complies with the second set of data 
protection rules; 

notify a data owner of one or more results of the comparison; 

and 

update the data protection database with the second set of data 
protection rules. 

72. The system of Claim 71, wherein the audit and compliance tool is 
further operable to generate a report of the first and second data protection rules. 
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73. The system of Claim 71, further comprising an impact analysis tool 
residing in the memory and executable by the processor, the impact analysis tool 
operable to: 

receive the second set of data protection rules; 

compare the second set of data protection rules to the first set of data 
protection rules to determine an impact on existing information; 
notify a data owner of the impact; and 

update the data protection database with the second set of data 
protection rules. 

74. The system of Claim 73, wherein the existing information is one or 
more corporate policies. 

75. The system of Claim 74, wherein the impact analysis tool is further 
operable to receive one or more revised corporate policies, and update the data 
protection database with the corporate policies. 

76. The system of Claim 73, wherein the existing information is one or 
more user preferences associated with one or more of the second set of data protection 
rules. 

77. The system of Claim 76, wherein the impact analysis tool is further 
operable to: 

query a user about the user preferences; 
accept the user preference; and 

update the data protection database with the user preferences. 
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78. The system of Claim 71, further comprising an authorization 
management tool residing in the memory and executable by the processor, the 
authorization management tool operable to: 

accept a query from a data requester, the query related to a particular 
5 set of data; 

access the managed system database to validate that a permission 
exists for the data requester; 

access the second set of data protection rules in the data protection 
database to validate that the particular set of data may be accessed by the data 
10 requester; and 

generate a response to the query. 



79. The system of Claim 78, wherein the authorization management tool is 
further operable to store identifying information about the data requester in the 
1 5 managed system database. 



80. The system of Claim 78, wherein the authorization management tool is 
further operable to store a query result in the managed system database, the query 
result related to whether the response was generated. 

20 

81. The system of Claim 77, further comprising a state change tool 
residing in the memory and executable by the processor, the state change tool 
operable to: 

receive a state change of a user; 
25 compare the state change to the second set of data protection rules and 

the user preferences stored in the data protection database; 

determine whether the state change complies with the second set of 
data protection rales and the user preferences; and 

update the managed system database with the state change. 
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82. A computerized method for managing a plurality of data protection 
rules, comprising: 

receiving and storing a first set of data protection rules in a data 
protection database; 

receiving and storing managed system information in a managed 
system database; 

extracting meta data from the managed system database and storing the 
meta data in the data protection database, the meta data associated with the 
managed system information; 

receiving a second set of data protection rules; 

comparing, by utilizing the meta data, the second set of data protection 
rules to the managed system information to determine if the managed system 
information complies with the second set of data protection rules; 

notifying a data owner of one or more results of the comparison; and 
updating the data protection database with the second set of data 
protection rules. 

83. The computerized method of Claim 82, further comprising generating 
a report of the first and second data protection rules. 

84. The computerized method of Claim 82, further comprising: 
receiving the second set of data protection rules; 

comparing the second set of data protection rules to the first set of data 
protection rules to determine an impact on existing information; 
notifying a data owner of the impact; and 

updating the data protection database with the second set of data 
protection rules. 

85. The computerized method of Claim 84, wherein the existing 
information is one or more corporate policies. 
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86. The computerized method of Claim 85, further comprising receiving 
one or more revised corporate policies and updating the data protection database with 
the corporate policies. 

5 87. The computerized method of Claim 84, wherein the existing 

information is one or more user preferences associated with one or more of the second 
set of data protection rules. 



88. The computerized method of Claim 87, further comprising: 
1 0 querying a user about the user preferences; 

accepting the user preference; and 

updating the data protection database with the user preferences. 



89. The computerized method of Claim 82, further comprising: 
15 accepting a query from a data requester, the query related to a 

particular set of data; 

accessing the managed system database to validate that a permission 
exists for the data requester; 

accessing the second set of data protection rules in the data protection 
20 database to validate that the particular set of data may be accessed by the data 

requester; and 

generating a response to the query. 



90. The computerized method of Claim 89, further comprising storing 
25 identifying information about the data requester in the database. 

91. The computerized method of Claim 89, further comprising storing a 
query result in the managed system database, the query result related to whether the 
response was generated. 



30 
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92. The computerized method of Claim 88, further comprising: 
receiving a state change of a user; 

comparing the state change to the second set of data protection rules 
and the user preferences stored in the data protection database; 

determining whether the state change complies with the second set of 
data protection rules and the user preferences; and 

updating the managed system database with the state change. 
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93. A system for managing a plurality of data protection rules, comprising: 
a processor; 

a data protection database coupled to the processor, the data protection 
database operable to receive and store the data protection rules; 

a managed system database coupled to the processor, the managed 
system database operable to receive and store a first set of managed system 
information; 

a memory coupled to the processor; 

an audit and compliance tool residing in the memory and executable by 
the processor, the audit and compliance tool operable to: 

extract meta data from the managed system database and store 
the meta data in the data protection database, the meta data associated 
with the first set of managed system information; 

receive a second set of managed system information; 

compare, by utilizing the meta data, the data protection rules to 
the second set of managed system information to determine if the 
second set of managed system information complies with the data 
protection rules; 

notify a data owner of one or more results of the comparison; 

and 

update the managed system database with the second set of 
managed system information. 

94. The system of Claim 93, wherein the audit and compliance tool is 
further operable to generate a report of the data protection rules. 
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95. The system of Claim 93, further comprising an impact analysis tool 
residing in the memory and executable by the processor, the impact analysis tool 
operable to: 

receive the second set of data protection rules; 

compare the second set of data protection rules to the first set of data 
protection rules to determine an impact on existing information; 
notify a data owner of the impact; and 

update the data protection database with the second set of data 
protection rules. 

96. The system of Claim 95, wherein the existing information is one or 
more corporate policies. 

97. The system of Claim 96, wherein the impact analysis tool is further 
operable to receive one or more revised corporate policies, and update the data 
protection database with the corporate policies. 

98. The system of Claim 95, wherein the existing information is one or 
more user preferences associated with one or more of the second set of data protection 
rules. 

99. The system of Claim 98, wherein the impact analysis tool is further 
operable to: 

query a user about the user preferences; 
accept the user preference; and 

update the data protection database with the user preferences. 
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100. The system of Claim 93, further comprising an authorization 
management tool residing in the memory and executable by the processor, the 
authorization management tool operable to: 

accept a query from a data requester, the query related to a particular 
5 set of data; 

access the managed system database to validate that a permission 
exists for the data requester; 

access the second set of data protection rules in the data protection 
database to validate that the particular set of data may be accessed by the data 
10 requester; and 

generate a response to the query. 



101. The system of Claim 100, wherein the authorization management tool 
is further operable to store identifying information about the data requester in the 
1 5 managed system database. 



20 



102. The system of Claim 100, wherein the authorization management tool 
is further operable to store a query result in the managed system database, the query 
result related to whether the response was generated. 



103. The system of Claim 99, further comprising a state change tool 
residing in the memory and executable by the processor, the state change tool 
operable to: 

receive a state change of a user; 
25 compare the state change to the second set of data protection rules and 

the user preferences stored in the data protection database; 

determine whether the state change complies with the second set of 
data protection rules and the user preferences; and 

update the managed system database with the state change. 

30 
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104. A system for managing a plurality of data protection rules, comprising: 
receiving and storing the data protection rules in a data protection 

database; 

receiving and storing a first set of managed system information in a 
5 managed system database; 

extracting meta data from the managed system database and storing the 
meta data in the data protection database, the meta data associated with the 
first set of managed system information; 

receiving a second set of managed system information; 
10 comparing, by utilizing the meta data, the data protection rules to the 

second set of managed system information to determine if the second set of 
managed system information complies with the data protection rules; 

notifying a data owner of one or more results of the comparison; and 
updating the managed system database with the second set of managed 
15 system information. 

105. The system of Claim 104, further comprising generating a report of the 
data protection rules. 



20 106. The computerized method of Claim 104, further comprising: 

receiving a second set of data protection rules; 

comparing the second set of data protection rules to the first set of data 
protection rules to determine an impact on existing information; 

notifying a data owner of the impact; and 
25 updating the data protection database with the second set of data 

protection rules. 



107. The computerized method of Claim 106, wherein the existing 
information is one or more corporate policies. 

30 
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108. The computerized method of Claim 107, further comprising receiving 
one or more revised corporate policies and updating the data protection database with 
the corporate policies. 



5 109. The computerized method of Claim 106, wherein the existing 

information is one or more user preferences associated with one or more of the second 
set of data protection rules. 



110. The computerized method of Claim 109, further comprising: 
10 querying a user about the user preferences; 

accepting the user preference; and 

updating the data protection database with the user preferences. 



111. The computerized method of Claim 104, further comprising: 
15 accepting a query from a data requester, the query related to a 

particular set of data; 

accessing the managed system database to validate that a permission 
exists for the data requester; 

accessing the data protection rules in the data protection database to 
20 validate that the particular set of data may be accessed by the data requester; 

and 

generating a response to the query. 



112. The computerized method of Claim 111, further comprising storing 
25 identifying information about the data requester in the managed system database. 

113. The computerized method of Claim 111, further comprising storing a 
query result in the managed system database, the query result related to whether the 
response was generated. 
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114. The computerized method of Claim 110, further comprising: 
receiving a state change of a user; 

comparing the state change to the second set of data protection rules 
and the user preferences stored in the data protection database; 

determining whether the state change complies with the second set of 
data protection rules and the user preferences; and 

updating the managed system database with the state change. 
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115. A system for managing a plurality of data protection rales, comprising: 
a processor; 

a data protection database coupled to the processor, the data protection 
database operable to receive and store the data protection rules, a plurality of 
5 corporate policies, a plurality of permissions generated by a data owner, and 

one or more states of an entity; 

a managed system database coupled to the processor, the managed 
system database operable to receive and store managed system information; 
a memory coupled to the processor; 
10 an authorization management tool residing in the memory and 

executable by the processor, the authorization management tool operable to: 

accept a query from a data requester, the query related to a 
particular set of data; 

access the managed system database to validate that a 
1 5 permission exists for the data requester; 

access the data protection rules and the corporate policies in the 
data protection database to validate that the particular set of data may 
be accessed by the data requester; and 
generate a response to the query; 
20 a user acceptance tool residing in the memory and executable by the 

processor, the user acceptance tool operable to: 

query a user about a user preference with respect to one or 
more data protection rules stored in the data protection database; 
accept the user preference; and 
25 store the user preference in the data protection database; 

an impact analysis tool residing in the memory and executable by the 
processor, the impact analysis tool operable to: 

receive a new set of data protection rules; 
compare the new set of data protection rules to the data 
30 protection rules to determine an impact on existing information; 

notify a data owner of the impact; and 
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update the data protection database with the new set of data 
protection rules; 

a state change tool residing in the memory and executable by the 
processor, the state change tool operable to: 
5 receive a state change of an entity; 

compare the state change to the data protection rules stored in 
the data protection database; 

determine whether the state change complies with the data 
protection rules; and 

10 update the managed system database with the state change; and 

an audit and compliance tool residing in the memory and executable by 
the processor, the audit and compliance tool operable to: 

extract meta data from the managed system database and store 
the meta data in the data protection database, the meta data associated 
1 5 with the managed system information; 

receive the new set of data protection rules; 
compare, by utilizing the meta data, the new set of data 
protection rules to the managed system information to determine if the 
managed system information complies with the new set of data 
20 protection rules; 

notify the data owner of one or more results of the comparison; 

and 

update the data protection database with the new set of data 
protection rules. 
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